State Employee Suspected of Stealing 228,000 Medical Records

Below:

Next story in Security

A South Carolina man who accessed the confidential information of
228,435 Medicaid beneficiaries sent the cache of data to his own
private email account and forwarded it to at least one other
person, authorities say.

Christopher Lykes Jr. of Swansea, S.C., was arrested April 19 and
charged with five counts of violating medical confidentiality
laws and one count of disclosure of confidential information, the
Columbia, S.C., newspaper
The State reported.

Lykes is suspected of having gathered the confidential
information, which included Medicaid beneficiaries' names, phone
numbers, birth dates, addresses and Social Security numbers, and
sending it to his personal Yahoo email account, in 17 spreadsheet
files, beginning on Jan. 31 and ending April 2. More troubling:
Lykes allegedly forwarded the spreadsheets to at least one other
person, which increases the likelihood that the stolen records
could be leveraged for
identity theft or financial fraud.

Lykes, 36, was fired from his position at the South Carolina
Department of Health and Human Services on April 11, the day
after the HHS discovered the breach and seized his personal and
work computers.

The illegally accessed records included 22,604 Social Security
numbers, which doubled as people's Medicare ID numbers. Lykes
allegedly obtained the records "through a reporting process," HHS
director Tony Keck said. Investigators don't believe anybody's
health or financial information was compromised as a result of
the breach.

Keck said the breach "exposed a
specific security weakness inside the agency that we
have corrected. This was not an external event where someone
hacked into the agency." He added, "We are disappointed that one
of our own would violate that trust and are deeply apologetic for
not preventing the inappropriate release of this information."